Authentication for social media clients

I’m trying to understand the right/best setup for authentication or at least identification when creating a Twitter or Reddit client.

To authorize an app to access your social account you request an access token and then save and use that token to authenticate calls on the user’s behalf like posting.

Now once I get that token and save it to the user record in xano, unless I also save it to the front end app or save the user record id, I can’t know which user record to use when making api calls.

I can see how it would make sense to use xano authentication as the token that connects the front and backends but the user doesn’t have or need a second layer account credentials like a username and password for the app I’m building. They just log in with their social account (on the social site’s page in a web view) and in fact they might log in with multiple accounts and switch between them regularly.

So if I don’t have or want to use a username and password to create a xano authentication, can I make one without those and how? Or should I be just saving the social access token as that key?

Thanks